As we noted in August 2018, industrial control system (ICS) security has become more complicated since the introduction of the web. Organizations are now bringing together the logical and physical resources of both information technology (IT) and operational technology (OT). This creates various ICS security challenges, including how each team must learn from and work with the other in the interest of preserving the organization’s security as a whole.

But ICS security is always changing. Whatever challenges there are today won’t be the challenges of tomorrow. That begs the question: what will have the greatest impact on ICS security in the next 5-10 years?

We asked a number of security experts to find out. Here’s what they had to say.

Gary DiFazio | Strategic Marketing Director, TripwireGary DiFazio

I think that there will continue to be events impacting many different kinds of industrial environments no matter what the vertical. These incidents will consist of either collateral damage from IT-based malware or ransomware or will be specifically targeted against industrial control systems. These events will negatively affect productivity and quality and also have the potential for physical damage. While malware is a risk, nation-state cyber warfare activities will also be more prevalent. This will be the new battlefield. Automation vendors will be pressured to create automation systems that are secure by design, and as plant or line upgrades happen overtime, the next generation systems will be more cybersecurity aware to thwart malicious behavior. Cybersecurity capabilities will become part of control systems’ DNA.

Nick Shaw | Senior System Engineer, TripwireNick Shaw ics

The amount of legacy systems using serial connections being migrated to Ethernet-based networks will increase significantly. IT technologies will continue to permeate industrial control systems, thus opening OT assets up to threats that the IT side of the shop is familiar with. (Read more...)